Updating Okta Token certificate and Custom properties for SAML

When you configure AppScan Enterprise with the Okta service, you must add the associated Single Sign-On URL, Issuer URL, and Token certificate to the SAML properties file.

Before you begin

  • You must have a user account with privileges to access the AppScan Enterprise installation folders.
  • You must be an Okta administrator.
  • You must have configured Okta as an IdP for SAML in AppScan Enterprise. See Enabling SAML Service Provider.

About this task

When you configure an IdP with an SP, the IdP generates unique entity URLs that the SP identifies during SAML assertion. Each of these entity URLs contains information about the IdP properties, which the SP identifies and validates when it receives a user authentication request from the IdP during SAML assertion. You must enter these entity URL values in the SAML properties file to enable the SAML identification process.

The entire SAML-SSO authentication process between an SP and an IdP is validated on the basis of these IdP entity URLs. The Single Sign-On URL is the IdP URL used to access the Okta application, from where you can log in to the AppScan Enterprise application (the SP). The Issuer URL is the unique URL through which the SP identifies the IdP for SAML assertion. The SAML Token Signer certificate, generated when the AppScan Enterprise application is integrated, is the basis on which the IdP establishes trust with the SAML service provider for exchanging authentication requests.

This section explains how to update the SAML properties with the Okta custom properties and the SAML Token signer certificate.

Procedure

  1. Log in to your Okta account.
  2. Under the CATEGORIES menu, click Apps.
    The list of applications integrated with the Okta account is displayed.
  3. Click AppScan Enterprise application from this list.
    The AppScan Enterprise application configuration page is displayed.
  4. Click the Sign On tab.
  5. Click View Setup Instructions under the Settings section.
    Note: This option is displayed only when you set up the AppScan Enterprise application in Okta for the first time. You can use the Edit option to modify the configuration later.
    The View Setup Instructions page displays the following property values generated by the IdP:
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate
  6. Copy the values corresponding to each of these properties to a notepad.
    Note: Before copying the X.509 certificate information, you must convert the certificate data into single-line string format.
    Tip: You can use the https://www.samltool.com/format_x509cert.php tool to convert certificate data into other formats, such as the single-line string format.
  7. Go to the server where you have installed the AppScan Enterprise application.
  8. Navigate to the configuration files folder in the directory where the AppScan Enterprise software package is installed. For example: <installation directory>\AppScan Enterprise\Liberty\usr\servers\ase\config.
  9. Locate the SAML configuration properties file, onelogin.saml.properties, and open it in a text editor.
  10. Update the following custom properties in the SAML configuration properties file, onelogin.saml.properties, with the values you noted from the Okta View Setup Instructions page.
    SAML property and the value to update it with:
    • onelogin.saml2.idp.single_sign_on_service.url: the Identity Provider Single Sign-On URL value.
    • onelogin.saml2.idp.entityid: the Identity Provider Issuer value.
    • onelogin.saml2.idp.x509cert: the single-line string value of the X.509 certificate that you noted.
    • onelogin.saml2.sp.assertion_consumer_service.url: the value <ASE url>/api/saml
    • onelogin.saml2.sp.entityid: the value <ASE url>/api/metadata.jsp
  11. After updating the onelogin.saml.properties file, save and close it.
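As an added example (not part of the AppScan Enterprise documentation or product), the following Python script carries out steps 6 and 10 in one pass: it converts the X.509 certificate block into the single-line form, checks that the result still decodes to a DER certificate structure, and writes the five properties into the onelogin.saml.properties text. The properties-file layout and the certificate body are constructed placeholders; the real values come from the Okta View Setup Instructions page and your AppScan Enterprise URL.

```python
import base64
import re

# Constructed fragment of onelogin.saml.properties (an assumption about its layout,
# not the shipped file) with placeholder values for the keys listed in step 10.
SAMPLE_PROPERTIES = """\
# SAML configuration
onelogin.saml2.idp.single_sign_on_service.url = https://IDP_PLACEHOLDER/sso
onelogin.saml2.idp.entityid = http://IDP_PLACEHOLDER
onelogin.saml2.idp.x509cert =
onelogin.saml2.sp.entityid = https://ASE_PLACEHOLDER/api/metadata.jsp
"""
# Constructed stand-in for the X.509 block copied from Okta: its body is a minimal
# DER SEQUENCE (bytes 30 03 02 01 01), not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMC\n  AQE=\n-----END CERTIFICATE-----\n"

def pem_to_single_line(pem: str) -> str:
    """Drop the PEM armour and line breaks and return the base64 body as one line.
    Rejects text that is not base64 or does not decode to a DER SEQUENCE (tag 0x30)."""
    lines = [ln.strip() for ln in pem.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("not a DER certificate; copy the X.509 block from Okta again")
    return body

def update_properties(text: str, updates: dict) -> str:
    """Set each key's value in Java .properties text, keeping comments and other keys;
    keys that are absent are appended. A lone backslash is an escape to
    java.util.Properties, so backslashes are doubled (URLs and base64 contain none)."""
    out, seen = [], set()
    for line in text.splitlines():
        m = re.match(r"^\s*([^#!=:\s]+)\s*[=:]", line)
        key = m.group(1) if m else None
        if key in updates:
            out.append(f"{key} = " + updates[key].replace("\\", "\\\\"))
            seen.add(key)
        else:
            out.append(line)
    out += [f"{k} = {v}" for k, v in updates.items() if k not in seen]
    return "\n".join(out) + "\n"

def okta_updates(sso_url: str, issuer: str, pem: str, ase_url: str) -> dict:
    # Map the three View Setup Instructions values and the AppScan Enterprise
    # base URL onto the five properties in step 10.
    base = ase_url.rstrip("/")
    return {
        "onelogin.saml2.idp.single_sign_on_service.url": sso_url,
        "onelogin.saml2.idp.entityid": issuer,
        "onelogin.saml2.idp.x509cert": pem_to_single_line(pem),
        "onelogin.saml2.sp.assertion_consumer_service.url": base + "/api/saml",
        "onelogin.saml2.sp.entityid": base + "/api/metadata.jsp",
    }
```

Run `update_properties(open(path).read(), okta_updates(...))` against the real file and write the result back; the certificate check catches a block that was truncated or had its header lines pasted into the value.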

Results

The Okta Token certificate and SAML properties are updated in the SAML properties file.

What to do next

You must assign users in Okta to grant them SSO login access to the AppScan Enterprise application.